Bureaucracy in inaction

Back in September, a group of Czech artists called EPOS 257 camouflaged themselves as city workers, went to the Palackeho square in Prague and installed a fence. The fence was left on the square with no apparent intent or explanation.

At first, the city council didn’t know about it, and when they were told, they didn’t know how to deal with it – what if somebody had put it there for a reason?

The fence stayed for 54 days before being removed.

It’s amazing how encrusted our nominally public spaces have become, and sad to see that it’s not just the US that suffers from this.

[Image: Fence in a square]

Epos 257 via Guerrilla Innovation

Emergent Chaos has TSA “trolls,” too

Over at We Won’t Fly, George Donnelly writes:

I was about to delete an offensive comment on this blog – one of the very few we get – and thought, hmm, I wonder where this guy is posting from? Because, really, it is quite unusual for us to get nasty comments. Lo and behold, the troll posted to our website from an IP address controlled by the federal government’s Department of Homeland Security! Here is the taxpayer-funded troll’s gem of a comment, for your entertainment:

In response to Chris’s “Ron Paul supporter inadvertently gets iPhones banned from U.S. aircraft” we got a comment from 216.81.80.134. It was from Ran, and he wrote:

“What color eyes and hair did the terrorist who shot up the Holocaust museum a few days ago have? How about the guy who murdered that abortion doctor?
Are you suggesting that your blonde haired blue eyed friend should be given a pass when alarming airport metal detectors because he has an X-Ray image that he claims is of his ankle? You have got to be kidding, right?”

Which, really, isn’t a dumb comment. It’s an element of a reasonable threat assessment. Which just plays into my confirmation bias that our commenters are regularly smarter and more insightful (or at least more aware of privacy enhancing technologies and practices) than other blogs’ commenters.

Thank you all for a lovely year of insightful comments here at the combo.

TSA News roundup

Act:
Get this 2-page Passenger’s Rights Sheet: http://saizai.com/tsa_rights.pdf

The Emergent Chaos of Facebook relationships

This is a fascinating visualization of 10MM Facebook Friends™ as described in Visualizing Friendships by Paul Butler.

A couple of things jump out at me in this emergent look at geography. The first is that Canada is a figment of our imaginations. Sorry to my Canadian friends (at least the anglophones!).

The second is that borders seem to be remarkably effective at inhibiting friendships, especially in Asia.

[Image: Facebook-World.png]

TSA News roundup

Finally some humor from Lucas Cantor:

[Image: abitmuch.jpg]

and another:

[Image: tsa-touch-their-balls.jpg]

“Proof” that E-Passports Lead to ID Theft

A couple of things caught Stuart Schechter’s eye about the spam to which this image was attached, but what jumped out at me was the name on the criminal’s passport: Frank Moss, former deputy assistant secretary of state for passport services, now of Identity Matters, LLC.

And poor Frank was working so hard to claim that e-passports wouldn’t lead to impersonation or ID thefts.

I’m sorry that someone is impersonating Frank and using his passport to try to drain funds, but we told him that this would happen.

[Image: passport.png]

The TSA’s Approach to Threat Modeling

“I understand people’s frustrations, and what I’ve said to the TSA is that you have to constantly refine and measure whether what we’re doing is the only way to assure the American people’s safety. And you also have to think through are there other ways of doing it that are less intrusive,” Obama said.

“But at this point, TSA in consultation with counterterrorism experts have indicated to me that the procedures that they have been putting in place are the only ones right now that they consider to be effective against the kind of threat that we saw in the Christmas Day bombing.” (“Obama: TSA pat-downs frustrating but necessary”)

I’ve spent the last several years developing tools, techniques, methodologies and processes for software threat modeling. I’ve taught thousands of people more effective ways to threat model. I’ve released tools for threat modeling, and even a game to help people learn to threat model. (I should note here that I am not speaking for my employer, and I’m now focused on other problems at work.) However, while I worked on software threat modeling, not terror threat modeling, the President’s statement concerns me. Normally, he’s a precise speaker, and so when he says “effective against the kind of threat that we saw in the Christmas Day bombing,” I worry.

In particular, the statement betrays a horrific backwards bias. The right question to ask is “will this mitigation protect the system against the attack and predictable improvements?” The answer is obviously “no.” TSA has smart people working there; why are they letting that be the headline question?

The problems are obvious. For example, in a Flyertalk thread, Connie asks: “If drug mules swallow drugs and fly, can’t terrorists swallow explosive devices?” and see also “New threat to travellers from al-Qaeda ‘keister bomb’.”

Half of getting the right answer is asking the right questions. If the question the President is hearing is “what can we do to protect against the threat that we saw in the Christmas Day bombing (attempt)” then there are three possible interpretations. First is that the right question is being asked at a technical level, and the wrong question is being asked at the top. Second, the wrong questions are being asked up and down the line. Third is that the wrong question is being asked at the top, but it’s the right question for a TSA Administrator who wants to be able to testify before Congress that “everything possible was done.”

I’ve said before and I’ll say again, there are lots of possible approaches to threat modeling, and they all involve tradeoffs. I’ve commented that much of the problem is the unmeetable demands TSA labors under, and suggested fixes. If TSA is trading planned responses to Congress for effective security, I think Congress ought to be asking better questions. I’ll suggest “how do you model future threats?” as an excellent place to start.

Continuing on from there, an effective systematic approach would involve diagramming the air transport system, and ensuring that everyone and everything that gets to the plane without being authorized to be on the flight deck goes through reasonable and minimal searches under the Constitution, which are used solely for flight security. Right now, there are discrepancies in catering and other servicing of the planes, there are issues with cargo screening, etc.

These issues are getting exposed by the red teaming which happens, but that doesn’t lead to a systematic set of balanced defenses.
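As an added example (my own code, not part of the original post), here is a small Python model of the coverage check the diagramming approach above calls for: list the paths by which people and things reach the aircraft, mark the points where screening happens, and report any path that reaches the plane without crossing one. Every node and edge below is constructed for illustration and is not a description of real airport procedure.

```python
"""Coverage check over a constructed diagram of paths into an aircraft.

The idea from the post: draw the system, then verify that every entity
reaching the plane crosses a screening boundary. A path that reaches the
target without visiting a screening node is a gap the red team would find
anyway; better to find it on the diagram first.
"""
from collections import deque

# Constructed edges (illustrative only): who or what can move to where.
EDGES = {
    "passenger": ["checkpoint"],
    "checkpoint": ["gate"],
    "gate": ["aircraft"],
    "checked_bag": ["bag_screening"],
    "bag_screening": ["hold"],
    "cargo": ["hold"],                  # constructed gap: no screening step
    "caterer": ["airside_access", "catering_screening"],
    "airside_access": ["aircraft"],     # constructed gap: badge-only entry
    "catering_screening": ["aircraft"],
    "hold": ["aircraft"],
}
SCREENING = {"checkpoint", "bag_screening", "catering_screening"}
SOURCES = ["passenger", "checked_bag", "cargo", "caterer"]


def unscreened_paths(edges, screening, sources, target="aircraft"):
    """Return every source->target path that never visits a screening node."""
    gaps = []
    for src in sources:
        queue = deque([[src]])
        while queue:
            path = queue.popleft()
            node = path[-1]
            if node in screening:
                continue            # branch is covered; stop exploring it
            if node == target:
                gaps.append(path)   # reached the plane with no screening
                continue
            for nxt in edges.get(node, []):
                if nxt not in path:  # avoid cycles in the diagram
                    queue.append(path + [nxt])
    return gaps


def coverage_report(edges=EDGES, screening=SCREENING, sources=SOURCES):
    """Map each source to its unscreened paths; an empty list means covered."""
    report = {s: [] for s in sources}
    for path in unscreened_paths(edges, screening, sources):
        report[path[0]].append(path)
    return report


if __name__ == "__main__":
    for src, gaps in coverage_report().items():
        print(src, "covered" if not gaps else [" -> ".join(p) for p in gaps])
```

Adding a new edge to the diagram (a new servicing route, say) and re-running the report is the cheap way to ask the post’s question about “predictable improvements” before the next red-team exercise does.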

As long as the President is asking “Is this effective against the kind of threat that we saw in the Christmas Day bombing?” we’ll know that the right threat models aren’t making it to the top.

The 1st Software And Usable Security Aligned for Good Engineering (SAUSAGE) Workshop

National Institute of Standards and Technology
Gaithersburg, MD USA
April 5-6, 2011

Call for Participation

The field of usable security has gained significant traction in recent years, evidenced by the annual presentation of usability papers at the top security conferences, and security papers at the top human-computer interaction (HCI) conferences. Evidence is growing that significant security vulnerabilities are often caused by security designers’ failure to account for human factors. Despite growing attention to the issue, these problems are likely to continue until the underlying development processes address usable security.

See http://www.thei3p.org/events/sausage2011.html for more details.